X

Malware loves Android, but iOS users could be at risk too

A new study from Juniper finds that Android is the hardest hit by malicious apps but says iOS could be vulnerable as well.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
3 min read

Android has gotten a lot of negative buzz for its susceptibility to malware. But a new study from Juniper Networks suggests that iOS could also be at risk.

Scanning hundreds of thousands of applications across the mobile landscape for its 2011 Mobile Threats Report, Juniper uncovered more than 28,000 pieces of malware last year, a rise of 155 percent from 2010.

As expected, Android was the post popular target.

Malware aimed at Google's mobile OS surged to 13,000 samples at the end of last year from only 400 in June, an increase of 3,325 percent. The platform's leading market share and the lack of control over the apps found in Android app stores have attracted more malware writers.

Before 2011, most mobile malware was targeted at Nokia's Symbian and Java ME, which runs on feature phones. But since then, Juniper has witnessed a huge shift toward Android.

Juniper's database didn't include malware samples for iOS, not necessarily because none exist, but because Apple doesn't release such data or open its platform for such analysis.

"While malicious applications on the iOS platform are limited in large part due to Apple's closed application marketplace and stringent screening model, it does not necessarily make it fundamentally more secure," Juniper said in its report released on Tuesday. "For one, when a user 'jailbreaks' their device by removing the limitations on the operating system, the device can be susceptible to malicious applications downloaded from third-party sources."

In fact, an IOS security flaw was discovered in November that allowed apps to download potentially malicious unsigned code. Apple patched the flaw with its iOS 5.0.1 update. And an app exploiting this type of flaw would've been rejected during Apple's approval process. But the incident did show that even iOS isn't invulnerable.

Further, Apple doesn't provide developers with the tools to create anti-malware apps, according to the report. The company may feel secure and justified in not allowing such development. However, such a policy could prove problematic should any risky apps manage to sneak through Apple's approval process.

"This lack of software protection and a competitive security market leaves users with little protection if malware were ever to make it through Apple's application vetting process," Juniper noted. "In the long run, this could create a false sense of security for Apple users and prove to be an even bigger risk than Android's open model."

Android Market alone has seen its share of misbehaving apps. But Juniper uncovered a large number of malicious apps from third-party Android app stores, which aren't protected by Google's new Bouncer service, a tool that can scan Android Market for malware.

Google's open-source platform for Android also means that it's up to device makers and carriers to push out security patches, a process that can take a long time.

"Many device manufacturers build customized versions of the Android operating system and, as a result, certain devices do not receive - or must wait months to receive - security updates," Juniper said. "This means that even patched security vulnerabilities and new security features may not get pushed to all devices, making them less secure and more vulnerable to malware."

The bad guys themselves became more sophisticated last year, tricking Android users into downloading their dirty work. DroidKungFu sneaked past detection by using encrypted payloads, while Droid Dream masqueraded as a legitimate app.

Google itself was kept quite busy last year removing malware from Android Market and from mobile devices.

The company has tried to keep up by jettisoning the malicious apps as quickly as possible. But the discovery process can sometimes take days, Juniper noted, leaving more than enough time for the payloads to infect smartphones and tablets. That's one key reason why Google has implemented its Bouncer scanner.